Secrets and Lies: Digital Security in a Networked World
Enlarge cover
Rate this book
Clear rating
Open Preview

Secrets and Lies: Digital Security in a Networked World

3.93 of 5 stars 3.93  ·  rating details  ·  814 ratings  ·  43 reviews
Viruses. Identity Theft. Corporate Espionage. National secrets compromised. Can anyone promise security in our digital world?

The man who introduced cryptography to the boardroom says no. But in this fascinating read, he shows us how to come closer by developing security measures in terms of context, tools, and strategy. Security is a process, not a product – one that syste...more
Paperback, Second Edition, 401 pages
Published January 30th 2004 by John Wiley & Sons (first published 2000)
more details... edit details

Friend Reviews

To see what your friends thought of this book, please sign up.

Reader Q&A

To ask other readers questions about Secrets and Lies, please sign up.

Be the first to ask a question about Secrets and Lies

Secrets and Lies by Bruce SchneierThe Art of Intrusion by Kevin D. MitnickThe Cuckoo's Egg by Clifford StollFree Culture by Lawrence LessigGhost in the Wires by Kevin D. Mitnick
Cyber Self Defense Reading List
1st out of 22 books — 6 voters
The  C Programming Language by Brian W. KernighanIntroduction to Algorithms by Thomas H. CormenClean Code by Robert C. MartinCode Complete by Steve McConnellDesign Patterns by Erich Gamma
30th out of 54 books — 46 voters

More lists with this book...

Community Reviews

(showing 1-30 of 2,083)
filter  |  sort: default (?)  |  rating details
Rick Howard
Read full review at my blog:
See Cyber Security Canon Candidate List:

"Secrets and Lies: Digital Security in a Networked World" is the perfect book to hand to new bosses or new employees coming in the door who have not been exposed to cyber security in their past lives. It is also the perfect book for seasoned security practitioners who want an overview of the key issues facing our community today. Schneier wrote it...more
Ed Holden
I've wanted to read a Bruce Schneier book for a long time and this particular one was well rated. I might have confused it with the similarly named Liars and Outliers, which came out much more recently. What I didn't realize when I bought Secrets and Lies it is that Schneier published it in 2000, so it's both an insightful look at computer security practices and a trip down foggy memory lane.

Most of the advice in this book is still perfectly valid, like the importance of intrusion detection in a...more
I'm a technology end-user, deluged with acceleratingly frequent news reports of large corporations getting hacked, have recently been using my internet banking passcode generator, and occasionally placing basic htaccess security on my websites.

Thus, increasingly aware that security isn't to be left solely to experts who run the banking systems and data storage and transfer facilities- even casual users need an understanding of the premises on which they're built, and are responsible for correct...more
Slightly dated, but still a very good book that gives a reader who is uninitiated/unfamiliar with information security a clear idea about what information security actually is, how it affects us all (as a generation of humans connected by internet), how to protect information systems and tactics criminals use to break those systems (from malware to social engineering). The book is written in language the average person can understand and really provides an eye opening look at the role cryptology...more
Jonathan Katz
time to update my review given that i am now finished!

one thing that slightly annoyed me while i was reading the book was that it did not appear that schneier was offering any solutions to the problems that he was presenting in information security. but, after a certain point, that is when i realized: there really are no clear-cut solutions. as schneier emphasizes throughout the book, security is a process, not a solution. there is no generally algorithm for applying a security process; it reall...more
Secrets and Lies is a non-technical , non-mathematical book that deals with the "social" , & practical day-to-day aspects of hacking and security breach and violations. The book explains the hows and whys of hackings and its consequences. It explains the different types of cyber crimes i.e. identity thefts, ATM thefts, etc. and explores the causes of each in a different viewpoint than just code flaws or weak algorithms. It focuses specially on the Social Engineering aspect, the fallibility o...more
An excellent overview of what digital security is all about. Many people equate it with firewalls and encryption, based on poor news stories among other things, but that's only a small facet of what real security is. This book covers security from a much larger perspective.

What most surprised me, while reading this in 2013, is how prescient this book turned out to be. Originally written between 1998 and 2000, it anticipated the numerous challenges our industry has faced since then. It feels very...more
Nick Black
The second star is solely due to Schneier sending me this book in a nice signed hardback edition -- at 24, such things are a fine trouser-rouse. That having been said...sorry mang, but I certainly wouldn't have paid for it. I kind of imagine him with a blissful look on his face, eyes tightly drawn, visions of Counterpane Security profits dancing in his head as he builds towards an eruptive....well, you'll have to read Secrets and Lies yourself. But don't take my animadversion for it, or else y...more
So far, I believe this book is the best resource to motivate readers to learn computer security. Written like those non-fictions (instead of textbooks), this book is appropriate to be read by anyone who would like to know about computer security.

The author tried to convince that computer security is a need instead of merely theory. He presented few examples of cases that worth reading. Those examples are firstly presented in human view, then he linked up to some relevant theories. He rarely put...more
Alis Franklin
The INFOSEC book by the INFOSEC guy. Also pretty accessible to people outside the field, so if you've got even a passing interest in all this computer security stuff, this is the place to start.
School books are fun!!! Actually they are, when dealing with a topic you particularly like. Which I do in this case, so that wasn't a sarcastic statement. So there. Feel bad now?
Alright, now to be serious. I am currently taking this book for a Cyber Self Defense class. As one reviewer mentioned, it is outdated but the information in this book is still very useful. It covers a huge range of topics and is still considered required reading for any Info Security professional. This wasn't the...more
Dave Peticolas

A pragmatic approach to computer security with a focus principles and processes rather than specific technologies.

This is a great overview of computer security from a literal legend in the area. Written for a non-tech audience, the material becomes easier to grasp with examples and situations people are already familiar with. Towards the end I found that the author almost intentionally used at least one '$10 word' per page and I wonder if that is intentional (like a book code). Regardless I finished this book regardless of dropping it in a muddy puddle. Highly recommended though you'll be stuck with dead-tr...more
Nabil Saba
is fun & AMZEING TOO
Although some elements are a bit dated now, I found a style within Schneier's book that was one of the most approachable and "no nonsense" that I've ever experienced -- especially for a technical topic. Schneier places some sound logic and serious thinking behind questions concerning the basis for security how's and why's.
Schneier is simply amazing. Instead of the usual super technical, down-and-dirty details of information security, Bruce takes a step up into the realm of the businessman and that of the world of the tech-illiterate and helps them see why and how information security and assurance is always failing and how THEY can prevent it.
Eric Durant
I recommend reading the more recent Schneier books first, but this one remains amazingly relevant in 2013. The few examples that are dated often serve the probably unintended purpose of appreciating the constancy of the fundamentals. This will be required reading in my 2014 information security elective offering.
Tengku Zahasman
Although a bit outdated, many of its contents are still relevant today. It covers computer security in a very broad and general sense. It is quite obvious from the writings that the author is very passionate about cryptography. Just in case you're wondering, there's not many secrets and lies in this book.
Great common-sense approach to security. He has a very down to earth perspective on what can be a very complicated subject. My favorite tenet he constantly emphasizes is not to trust that an impenetrable front door will prevent attackers from finding a way to bypass the door to get a way in.
This is a great, comprehensive book on information security. Sometimes I felt like it was a heavy read. But, Schneier uses effective stories to help it move along. I'm glad I read it; however, I wouldn't read it unless you want to really learn about info sec.
Josh Scholl
An excellent book that explores the principles of digital security from a perspective that is easily accessible to an intelligent layperson and yet highly useful to an experienced IT Professional. I thoroughly recommend this book to anyone who owns a computer.
Прекрасная книга про безопасность, пусть и немного устаревшая. Автор чётко структурирует информацию. Читать нужно медленно и вдумчиво, потому что в ней совсем нет воды.
Мне особенно была интересна глава про инфраструктуры открытых ключей.
Anthony Towry
This book is seriously dated. That said, if you weren't there during the late 90's it might explain some things. I wouldn't recommend this for the salty dogs of the industry, but students or interns could benefit from a high-level wide-angle view.
Good use of language and phrases. Thought-provoking. One has to wonder how many times the word "detection" was used from a guy in the detection business though!
Overall, I was glad I read this book.
"The starting point for anyone interested in computer security. The book is a classic and has many imitations. Schneier is brilliant and is still a leading luminary in the world of security."
Written so that anyone can understand. Helped me understand the difficulty of ensuring digital security. Full of interesting stories that happened behind the scenes. I recommend everyone read it.
Keheliya Gallaba
Oct 28, 2011 Keheliya Gallaba rated it 5 of 5 stars
Recommends it for: everyone working with computers
Shelves: cyber-security
A great introduction to information security. Bit outdated technically, but covers all most all the important principles of the subject in simple language. One big cool read.
A good, solid read on security. The principles stand the test of time even as the technology that we use now has matured significantly from when the book was first written.
Interesting in a sense as he addresses some fundamental flaws in our thinking, and highlights some quite basic commercial insanities that we all subscribe to.
Bruce gives examples of many real world situations, but I think that he states an overly paranoid opinion about many things.
« previous 1 3 4 5 6 7 8 9 69 70 next »
There are no discussion topics on this book yet. Be the first to start one »
  • Practical Cryptography
  • Reversing: Secrets of Reverse Engineering
  • Security Engineering: A Guide to Building Dependable Distributed Systems
  • The Protocols (TCP/IP Illustrated, Volume 1)
  • Metasploit: The Penetration Tester's Guide
  • Hacking Exposed: Network Security Secrets & Solutions, Fifth Edition
  • Hacking: The Art of Exploitation
  • The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
  • The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
  • Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age
  • The Best of 2600: A Hacker Odyssey
  • Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet
  • The Hacker Crackdown: Law and Disorder on the Electronic Frontier
  • The Practice of System and Network Administration
  • The Tangled Web: A Guide to Securing Modern Web Applications
  • Where Wizards Stay Up Late: The Origins of the Internet
  • Writing Secure Code
  • The Unix Programming Environment
Applied Cryptography: Protocols, Algorithms, and Source Code in C Liars and Outliers: Enabling the Trust that Society Needs to Thrive Beyond Fear: Thinking Sensibly about Security in an Uncertain World Schneier on Security Schneier's Cryptography Classics Library: Applied Cryptography, Secrets and Lies, and Practical Cryptography

Share This Book